CVE-2024-3933
May 27, 2024, 6:15 a.m.
Tags
CVSS Score
Product(s) Impacted
Eclipse OpenJ9
- 0.13.0
- 0.44.0
Description
In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range.
Weaknesses
Date
Published: May 27, 2024, 6:15 a.m.
Last Modified: May 27, 2024, 6:15 a.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
emo@eclipse.org
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
Base Score
Exploitability Score
Impact Score
Base Severity
MEDIUMCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L